Transparent Data Encryption and the Latest Data Breach

Well, It’s happened again. Hundreds of thousands of private records were stolen from a database. This one, however, was different. No one stole any passwords, no one did any social engineering, nothing was captured in-line. No, this one was accomplished by stealing the actual hard drives themselves! When a thief breaks in and steals hard drives, you can be sure they know what they are after.

So even if the company had taken all of the regular authentication precautions and so on, the thieves could still take this step. But the data loss could still be prevented…

Enterprise SQL Server 2008 (and later) has a new feature called “Transparent Data Encryption”. When you turn this feature on, you don’t have to change anything in your applications – from then on, the data files, log files, tempdb and even the data on the backup files are encrypted. Without the certificate you use to encrypt them, the thief can’t get to the data.

I’m sometimes asked why a company should upgrade to the latest version of SQL Server, or why Enterprise Edition is important. A few hundred thousand private records sounds like a pretty good reason to me.

No, as the documentation plainly states you create your cert on a secondary media type, then back that up. Both of those are kept in another location, apart from the server, where they won't be stolen, not part of the same system, room, building or access pattern.

And this is precisely why this feature should NOT be enterprise edition only. Most enterprise environments have pretty good security around their physical systems. It's the smaller shops that can't justify the $25K/core cost of Enterprise that need this protection the most. (I know it's not your decision, Buck, but it points out how completely out of touch with reality the marketing folks are.)